-
Notifications
You must be signed in to change notification settings - Fork 880
/
kustomization.yaml
118 lines (110 loc) · 3.96 KB
/
kustomization.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
sortOptions:
order: legacy
legacySortOptions:
orderFirst:
- Namespace
- ResourceQuota
- StorageClass
- CustomResourceDefinition
- MutatingWebhookConfiguration
- ServiceAccount
- PodSecurityPolicy
- NetworkPolicy
- Role
- ClusterRole
- RoleBinding
- ClusterRoleBinding
- ConfigMap
- Secret
- Endpoints
- Service
- LimitRange
- PriorityClass
- PersistentVolume
- PersistentVolumeClaim
- Deployment
- StatefulSet
- CronJob
- PodDisruptionBudget
orderLast:
- ValidatingWebhookConfiguration
resources:
# Cert-Manager
- ../common/cert-manager/cert-manager/base
- ../common/cert-manager/kubeflow-issuer/base
# Istio
- ../common/istio-1-23/istio-crds/base
- ../common/istio-1-23/istio-namespace/base
- ../common/istio-1-23/istio-install/overlays/oauth2-proxy
# oauth2-proxy
# NOTE: only uncomment ONE of the following overlays, depending on your cluster type
- ../common/oauth2-proxy/overlays/m2m-dex-only # for all clusters
#- ../common/oauth2-proxy/overlays/m2m-dex-and-kind # for KIND clusters (allows K8S JWTs for gateway auth)
#- ../common/oauth2-proxy/overlays/m2m-dex-and-eks # for EKS clusters (NOTE: requires you to configure issuer, see overlay)
# Dex
- ../common/dex/overlays/oauth2-proxy
# KNative
- ../common/knative/knative-serving/overlays/gateways
# Uncomment the following line if `knative-eventing` is required
# - ../common/knative/knative-eventing/base
- ../common/istio-1-23/cluster-local-gateway/base
# Kubeflow namespace
- ../common/kubeflow-namespace/base
# NetworkPolicies
- ../common/networkpolicies/base
# Kubeflow Roles
- ../common/kubeflow-roles/base
# Kubeflow Istio Resources
- ../common/istio-1-23/kubeflow-istio-resources/base
# Kubeflow Pipelines
- ../apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user
# Katib
- ../apps/katib/upstream/installs/katib-with-kubeflow
# Central Dashboard
- ../apps/centraldashboard/overlays/oauth2-proxy
# Admission Webhook
- ../apps/admission-webhook/upstream/overlays/cert-manager
# Jupyter Web App
- ../apps/jupyter/jupyter-web-app/upstream/overlays/istio
# Notebook Controller
- ../apps/jupyter/notebook-controller/upstream/overlays/kubeflow
# Profiles + KFAM
- ../apps/profiles/upstream/overlays/kubeflow
# PVC Viewer
- ../apps/pvcviewer-controller/upstream/base
# Volumes Web App
- ../apps/volumes-web-app/upstream/overlays/istio
# Tensorboards Controller
- ../apps/tensorboard/tensorboard-controller/upstream/overlays/kubeflow
# Tensorboard Web App
- ../apps/tensorboard/tensorboards-web-app/upstream/overlays/istio
# Training Operator
- ../apps/training-operator/upstream/overlays/kubeflow
# User namespace
- ../common/user-namespace/base
# KServe
- ../contrib/kserve/kserve
- ../contrib/kserve/models-web-app/overlays/kubeflow
# Ray and Seldon resources (commented out by default)
# Ray does not support Istio yet and integration is in alpha state.
# Here is the documentation for Ray: https://docs.ray.io/en/latest/
# Here is the internal documentation for Ray: - ../contrib/ray/README.md
# - ../contrib/ray/kuberay-operator/overlays/kubeflow
#
# Seldon integration notes: Seldon may have specific requirements and limitations.
# Documentation for Seldon: https://docs.seldon.io/projects/seldon-core/en/latest/
# Here is the internal documentation for Seldon: - ../contrib/seldon/README.md
# - ../contrib/seldon/seldon-core-operator/overlays/application
components:
# Pod Security Standards
# https://kubernetes.io/docs/concepts/security/pod-security-standards/
# Uncomment to enable baseline level standards
# - ../contrib/security/PSS/static/baseline
# Uncomment to enable restricted level standards
# - ../contrib/security/PSS/static/restricted
# Uncomment to enable baseline level standards for dynamic namespaces
# - ../contrib/security/PSS/dynamic/baseline
# Uncomment to enable restricted level standards for dynamic namespaces
# - ../contrib/security/PSS/dynamic/restricted